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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings of claims in the application: 
Listing of Claims; 

1. (Currently Amended ) A method for calculating a One Time Password, comprising: 
concatenatin g, by a computer, a secret with a count, where the secret is uniquely assigned 

to a token and is shared between the token and an authentication server, and the count is a 
number that increases monotonically at the token with the number of One Time Passwords 
generated [[a]] by the token and increases monotonically at the authentication server with each 
calculation [[at]] by the authentication server of a One Time Password; 

calculatin g, by a computer, a hash based upon the concatenated secret and count; and 

truncating the result of the hash to obtain a One Time Password. 

2. (Currently Amended) A method for authenticating a request for access to a resource, 
comprising: 

receiving [[at]] by an authentication server a request for authentication that includes a 
serial number that is uniquely associated with a token, a personal identification number 
associated with a user and a One Time Password generated [[at]] by a token, wherein the One 
Time Password is based upon the value of a count at the token and a secret shared between the 
token and the authentication server; 

retrieving [[at]] by the authentication server the value of a count that corresponds to the 
token based upon the serial nimiber; 

retrieving [[at]] by the authentication server the secret that corresponds to the token based 
upon the serial number; 

calculating [[at]] by the authentication server the value of a One Time Password based 
upon retrieved values of the count and the secret corresponding to the token; 

comparing the calculated One Time Password with the received One Time Password; and 
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if the calculated One Time Password corresponds to the received One Time Password, 
the request is determined to be authenticated; 

if the calculated One Time Password does not correspond to the received One Time 
Password, then incrementing the value of the count at the authentication server and recalculating 
the One Time Password based upon the incremented count and the secret, and comparing the 
recalculated One Time Password with the received One Time Password; 

if the recalculated One Time Password does not correspond to the received One Time 
Password, then repeating to increment the count and to recalculate the One Time Password until 
the recalculated One Time Password corresponds to the received One Time Password. 

3. (Original) The method of claim 2, wherein the hash function is SHA-1. 

4. (Original) The method of claim 2, wherein the secret is a symmetric 
cryptographic key. 

5. (Original) The method of claim 2, wherein incrementing the count and recalculating the 
One Time Password is repeated a predetermined number of times, and if the recalculated One 

Time Password docs not correspond to the received One Time Password by the end of the 
predetermined number of times, the request is determined to be not authenticated. 

6. (Currently Amended) A method for authenticating a request for access to a 
resource, comprising: 

receiving [[at]] by an authentication server a request for authentication that includes a 
usemame that is uniquely associated with a user, a personal identification number associated 

with a user and a One Time Password generated at a token, wherein the One Time Password is 
based upon the value of a count at the token and a secret shared between the token and the 
authentication server; 

retrieving [[at]] by the authentication server the value of a count that corresponds to the 
token based upon the usemame; 
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retrieving [[at]] by the authentication server the secret that corresponds to the token based 
upon the usemame; 

calculating [[at]] by the authentication server the value of a One Time Password based 
upon retrieved values of the count and the secret corresponding to the token; 

comparing the calculated One Time Password with the received One Time Password; and 

if the calculated One Time Password corresponds to the received One Time Password, 
the request is determined to be authenticated; 

if the calculated One Time Password does not correspond to the received One Time 
Password, then incrementing the value of the count at the authentication server and recalculating 
the One Time Password based upon the incremented count and the secret, and comparing the 
recalculated One Time Password with the received One Time Password; 

if the recalculated One Time Password does not correspond to the received One Time 
Password, then repeating to increment the count and to recalculate the One Time Password until 
the recalculated One Time Password corresponds to the received One Time Password. 

7. (Original) The method of claim 6, wherein the hash fimction is SHA-1. 

8. (Original) The method of claim 6, wherein the secret is a symmetric cryptographic key. 

9. (Original) The method of claim 6, wherein incrementing the count and recalculating the 
One Time Password is repeated a predetermined number of times, and if the recalculated One 
Time Password does not correspond to the received One Time Password by the end of the 
predetermined number of times, the request is determined to be not authenticated. 

10. (New) The method of claim 2, wherein the secret is uniquely assigned to the token. 

1 1 . (New) The method of claim 6, wherein the secret is uniquely assigned to the token. 
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